XML Security 2.0 Performance Analysis

W3C Note 03 November 2010

This version:
Latest published version:
Latest editor's draft:
Previous version:
Pratik Datta, Oracle
Frederick Hirsch, Nokia
Meiko Jensen, Invited Expert


This document provides an overview of performance considerations relevant to XML Security, in particular demonstrated improvements to XML Canonicalization, XPath selection of material for signing, and XML Signature in 2.0.

Status of This Document

This section describes the status of this document at the time of its publication. Other documents may supersede this document. A list of current W3C publications and the latest revision of this technical report can be found in the W3C technical reports index at http://www.w3.org/TR/.

This document was published by the XML Security Working Group as a Note. If you wish to make comments regarding this document, please send them to public-xmlsec@w3.org (subscribe, archives). All feedback is welcome.

Publication as a Note does not imply endorsement by the W3C Membership. This is a draft document and may be updated, replaced or obsoleted by other documents at any time. It is inappropriate to cite this document as other than work in progress.

This document was produced by a group operating under the 5 February 2004 W3C Patent Policy. W3C maintains a public list of any patent disclosures made in connection with the deliverables of the group; that page also includes instructions for disclosing a patent. An individual who has actual knowledge of a patent which the individual believes contains Essential Claim(s) must disclose the information in accordance with section 6 of the W3C Patent Policy.

Table of Contents

1. Introduction

The XML Signature signing process includes the selection of referenced material to be signed, canonicalization of the material and generation of a signature.

Significant performance improvements can be achieved by supporting streaming, reducing the memory needed especially for large documents.

Additional significant performance improvements can be achieved by removing the reliance on nodesets and instead working with subtrees (with possible subtree exclusions).

In addition to these two significant approaches which yield the largest benefits due to the architectural implications, the 2.0 specifications incorporate numerous additional changes with the intention of increasing simplicity and performance.

2. Streaming and Performance

2.1 Streamable XPath for selection

2.2 Other changes for streamability

3. Impact of eliminating nodesets from the processing model

4. Simplifications and other performance improvements

5. Conclusion

A. References

Dated references below are to the latest known or appropriate edition of the referenced work. The referenced works may be subject to revision, and conformant implementations may follow, and are encouraged to investigate the appropriateness of following, some or all more recent editions or replacements of the works cited. It is in each case implementation-defined which editions are supported.

A.1 Normative references

No normative references.

A.2 Informative references

No informative references.